Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.microsandbox.dev/llms.txt

Use this file to discover all available pages before exploring further.

External client mode exposes a sandbox as an SSH server for tools that already speak SSH. This is the closest match for normal SSH usage: authorize a public key, serve the sandbox, then connect with ssh or sftp.

Authorize a key

msb ssh authorize --file ~/.ssh/id_ed25519.pub
msb ssh authorize --key "ssh-ed25519 AAAA... user@host"
cat ~/.ssh/id_ed25519.pub | msb ssh authorize --stdin
Keys are appended to <MSB_HOME>/ssh/authorized_keys. Existing keys are deduplicated by public-key material.

TCP listener

msb ssh serve devbox
The default listener is 127.0.0.1:2222. 
ssh -p 2222 root@127.0.0.1
sftp -P 2222 root@127.0.0.1
Choose a different bind address or port when needed: 
msb ssh serve devbox --host 127.0.0.1 --port 2223
Binding to 0.0.0.0 exposes the SSH listener beyond the local machine. Keep the default loopback bind unless you intentionally want remote clients to connect.

ProxyCommand

--stdio serves one SSH transport over stdin/stdout. Use it when the SSH client should spawn msb as its transport bridge instead of connecting to a TCP listener. 
Host devbox.msb
  User root
  ProxyCommand msb ssh serve devbox --stdio
Then use regular OpenSSH commands: 
ssh devbox.msb
sftp devbox.msb

SDK server endpoints

The Rust SDK exposes the general form: prepare an SSH server endpoint, then pass each ordered duplex stream to serve(stream). 
let server = sandbox
    .ssh()
    .server_with(|ssh| ssh.sftp(true))
    .await?;

server.serve(stream).await?;
The TypeScript, Python, and Go SDKs expose stdio server helpers for process-bridge use cases. See the SDK reference pages for the exact language-specific surface.